The development of large-scale, decentralized distributed computing environments has highlighted the need for fine-grained control over trust relationships and delegated access rights. Existing approaches do not fully satisfy these needs. They typically lack precision and/or require an undesirable reliance on centralized administration to be effective. In addition, one finds multiple independent mechanisms, with disparate semantics, being used to manage trust, delegation and authorization. This makes it difficult to understand the effective security in large distributed systems and complicates their management.

The goal of the SecPAL project is to develop a language for expressing decentralized authorization policies, and to investigate language design and semantics, as well as related algorithms and analysis techniques. This project is a collaboration between the advanced technology incubation group of Microsoft’s Chief Research and Strategy Officer and Microsoft Research Cambridge.